OpenAM Agents / AMAGENTS-3095

Agent crashes parsing json object over 4096 bytes

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.6.0.0, 5.6.1.0, 5.6.1.1, 5.6.1.2
    • Fix Version/s: 5.6.2.0, 5.7.0
    • Component/s: Web Agents

    Description

      Problem

      Crashes have been observed in the agent, in json_memory, while handling a json_session response when large (>4096/>8192) data comes back in a session property. In the customer scenario this is because there is a samlresponse header parameter, but in theory there are other ways this could happen, such as having a large number of profile attributes.

      Expected

      The agent should be able to handle large amounts of properties in JSON processing.

      Actual

      These crashes were seen:

      /root/workspace/Agents/C_Agents_Release/source/apache/agent.c:846
      /root/workspace/Agents/C_Agents_Release/source/request.c:2264
      /root/workspace/Agents/C_Agents_Release/source/request.c:1095
      /root/workspace/Agents/C_Agents_Release/source/authorise.c:625
      /root/workspace/Agents/C_Agents_Release/source/authorise.c:465
      /root/workspace/Agents/C_Agents_Release/source/sdk_session.c:135 handle_json_session_response
      /root/workspace/Agents/C_Agents_Release/source/json/json_parser.c:409 switch with state case pre_object_value json_object_append_attr
      /root/workspace/Agents/C_Agents_Release/source/json/json_structure.c:38 slab_allocate?
      /root/workspace/Agents/C_Agents_Release/source/json/json_memory.c:47

      and

      /root/workspace/Agents/C_Agents_Release/source/authorise.c:625
      /root/workspace/Agents/C_Agents_Release/source/authorise.c:465
      /root/workspace/Agents/C_Agents_Release/source/sdk_session.c:168
      /root/workspace/Agents/C_Agents_Release/source/json/json_memory.c:73 slab_delete

      Reproduction steps

      Created hosted SP under the OpenAM root realm.
      Imported ADFS metadata.
      Created circle of trust between the above two.
      Configured required configuration on the ADFS server side.
      Created SAML chain under the OpenAM root realm.
      Created web agent under the root realm.
      Enabled SSO-only mode on the web agent.
      Entered https://realsuite-uat-fam.altisource.com/openam/XUI/?&realm=/&service=SAMLChain&goto=https%3A%2F%2Frealsuite-uat-fam.altisource.com%2F as login URL.
      Installed web agent 5.6 under Apache 2.4.
      Restarted Apache.
      Accessed protected resource.
      Could see Bad Gateway error (in the error logs, could see crash report from Apache 2.4).
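
The failure class described under Problem, as an added example (not the agent's code and not the fix that shipped, neither of which is on this page): a bump allocator over fixed-size slabs that gives an oversize value its own slab and frees each slab exactly once. `SLAB_SIZE`, `arena_alloc`, `arena_strndup` and `arena_free` are hypothetical names, and the 4096-byte slab size is an assumption taken from the issue title.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SLAB_SIZE 4096  /* assumed slab payload size; the agent's real value is not on the page */

struct slab { struct slab *next; size_t used, cap; unsigned char data[]; };
struct arena { struct slab *head; };

/* Start a slab whose payload holds at least `need` bytes (oversize requests get more). */
static struct slab *slab_new(size_t need) {
    size_t cap = need > SLAB_SIZE ? need : SLAB_SIZE;
    if (cap > SIZE_MAX - sizeof(struct slab)) return NULL;   /* size arithmetic would wrap */
    struct slab *s = malloc(sizeof *s + cap);
    if (s) { s->next = NULL; s->used = 0; s->cap = cap; }
    return s;
}

/* Bump-allocate n bytes; never hands out memory past the end of a slab. */
void *arena_alloc(struct arena *a, size_t n) {
    const size_t al = sizeof(void *);
    if (n > SIZE_MAX - al) return NULL;
    n = (n + al - 1) & ~(al - 1);             /* round up so offsets stay pointer-aligned */
    struct slab *s = a->head;
    if (!s || n > s->cap - s->used) {         /* does not fit: chain a slab sized for n */
        if (!(s = slab_new(n))) return NULL;
        s->next = a->head;
        a->head = s;
    }
    void *p = s->data + s->used;
    s->used += n;
    return p;
}

/* Copy a len-byte value (for example one session property) into the arena, NUL-terminated. */
char *arena_strndup(struct arena *a, const char *src, size_t len) {
    if (len == SIZE_MAX) return NULL;
    char *dst = arena_alloc(a, len + 1);
    if (dst) { memcpy(dst, src, len); dst[len] = '\0'; }
    return dst;
}

/* Free every slab once and reset the head so a repeated call is harmless. */
void arena_free(struct arena *a) {
    for (struct slab *s = a->head, *next; s; s = next) { next = s->next; free(s); }
    a->head = NULL;
}
```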

            People

              alex.levin@forgerock.com Alex Levin